Patch Tuesday Lowdown, April 2019 Edition

Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. These patches apply to Windows, Internet Explorer (IE) and Edge browsers, Office, SharePoint and Exchange. Separately, Adobe has issued security updates for Acrobat/Reader and Flash Player.

Old devices are filled with personal data, Rapid7 research finds

Wannabe thieves shopping around for personal data don’t need to rely on the dark web. They can simply look at used technology stores for second-hand devices that may come pre-loaded with sensitive data. In research published Tuesday, Rapid7 researcher Josh Frantz described how he spent roughly $650 on 85 computers, flash drives and other devices to find more than 366,000 files on them. Just two of the devices Frantz bought had their information properly removed, and three devices were encrypted. The data Frantz found included Social Security numbers, dates of birth, credit data and phone numbers. “After buying the devices, I took them to my command center (a cool name for my basement) and began the data extraction process,” he wrote. “Whenever I brought a computer back, I booted it up to see whether it was bootable and whether it required a password to log in. I wrote a script […]

The post Old devices are filled with personal data, Rapid7 research finds appeared first on CyberScoop.


February 2019 Patch Tuesday: PrivExchange hole plugged

For the February 2019 Patch Tuesday, Microsoft has released fixes for over 70 CVE-numbered vulnerabilities, 20 of which are rated Critical. Also rated Critical are the Adobe Flash security update (ADV190003, which carries a fix for CVE-2019-7090, an in…

Hack of billion-dollar Norwegian firm is tied to Chinese espionage group APT10

Weeks after the Department of Justice announced the indictment of two men linked with a Chinese state-sponsored hacking group, security researchers say they have uncovered a cyber-espionage campaign by the same entity against a European software company, a U.S. law firm, and a global apparel company. Analysts at Recorded Future and Rapid7 tracked the hacking operation between November 2017 and September 2018, and publicly revealed the breaches Wednesday. The researchers assessed with “high confidence” that APT10, a group tied to China’s civilian intelligence agency, was responsible for the hacking, calling the group “the most significant Chinese state-sponsored cyber threat to global corporations known to date.” Only one of the three victims is named: Visma, a billion-dollar Norwegian software company that claims 850,000 customers around the world. The hackers likely breached Visma to gain access to other organizations’ networks, the researchers said, but targeted the law and apparel firms “to gather information for commercial advantage.” Visma […]

The post Hack of billion-dollar Norwegian firm is tied to Chinese espionage group APT10 appeared first on CyberScoop.


Flaw in Guardzilla home security devices allows outsiders to view stored video, researchers say

A popular home security device made by Guardzilla contains a security vulnerability that could make it possible for outsiders to access video recordings, according to research published Thursday. Guardzilla’s indoor wireless security system, the GZ501W, contains hardcoded security keys rendered vulnerable by an outdated algorithm that TechCrunch reports is easy to crack. Hackers can use those keys to log on to Guardzilla’s storage servers at Amazon Web Services to access data uploaded by customers, according to the new findings. Researchers from 0DayAllDay released their findings Thursday after notifying Guardzilla of the vulnerabilities in September and receiving no response. “[W]e’re publishing this [Thursday], which happens to be right about 60 days after our first disclosure to the vendor of this video camera,” Tod Beardsley, research director at Rapid7, explained in a blog post. Rapid7 was involved in the research. “Unfortunately, despite multiple efforts at coordination with the vendor, we haven’t heard back from […]

The post Flaw in Guardzilla home security devices allows outsiders to view stored video, researchers say appeared first on CyberScoop.


Minerva, Rapid7, & Venafi – Enterprise Security Weekly #119

NopSec announces the latest release of its flagship product, Minerva Labs Anti-Evasion Platform achieves VMware ready status, SecurityScorecard announces partnership with cybernance to drive holistic view of cyber risk across the enterprise, and we hav…

Brian Carey, Rapid7 – Business Security Weekly #110

Brian Carey is a Senior Security Consultant at Rapid7, specializing in: Security Program Assessments, Security Program Development, Vulnerability Management Program Development, Security Awareness and Policy Development. In this interview, we discuss e…

Security Solutions, Acquisitions, and IPOs – Enterprise Security Weekly #112

Netscout takes internet scale Threat Protection to the EDGE, Splunk addresses several vulnerabilities in Enterprise and Light products, Ping Identity launches a Quickstart Private Sandbox, and we have some acquisition updates from CheckPoint acquiring …

BeyondTrust, Rapid7, & Symantec – Enterprise Security Weekly #108

In the Enterprise News this week, Bomgar to be renamed BeyondTrust after acquisition from PAM vendor, Rapid7 looks to SOAR with InsightConnect Automation Platform, DigiCert, Gemalto, and ISARA Partner on Quantum-Safe Encryption, Symantec extends Data L…

Scott King, Rapid7 Pt. 2 – Business Security Weekly #100

In the second part of Scott’s interview, Michael and April talk with him about ICS security, communication, and building relationships! They discuss the best practices to understand how these systems work, holding accountability, common goals, and how …